How can I verify that login attempts are being logged?

Latest response

For compliance purposes, I need to ensure that successful and failed logins are being logged. I know Red Hat Linux logs all logins by default. Where is that logging configured? How can I prove to an auditor that login logging hasn't been disabled? I'm using Red Hat Enterprise Linux 7.

A little more information: most users log in via SSH. Administrators have console access. We use Centrify to connect our systems to Active Directory.

Responses